karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Savage (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-979) access control for shell commands
Date Wed, 02 Nov 2011 17:47:33 GMT

    [ https://issues.apache.org/jira/browse/KARAF-979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13142344#comment-13142344
] 

Robert Savage commented on KARAF-979:
-------------------------------------

Just thinking out loud but perhaps some configuration file for managing access control over
(existing) shell commands both discrete commands by name and perhaps ground of commands by
scope.  

Ideally long term it would be nice to support an optional attribute/annotation "roles" for
commands, thus when creating new custom bundles that extend the console and add new commands,
these commands could intrinsically support the access-control roles convention.
                
> access control for shell commands
> ---------------------------------
>
>                 Key: KARAF-979
>                 URL: https://issues.apache.org/jira/browse/KARAF-979
>             Project: Karaf
>          Issue Type: New Feature
>          Components: karaf-shell
>    Affects Versions: 2.2.5
>            Reporter: Robert Savage
>              Labels: access, admin, command, console, permission, role, shell, user
>             Fix For: 3.0.0
>
>
> Feature first discussed in mailing list.
> @See: http://karaf.922171.n3.nabble.com/shell-commands-amp-user-roles-td3474148.html
> ------------------------------------------------------------------------------------
> Create a method to define more granular level of user access to see (list/autocomplete)
and execute commands via the (SSH) shell. 
> Thus supporting the ability for certain commands be restricted to a configured set of
user roles via the command's name or scope.
> Really what I'm after is a two level access system.  An "admin" level that has full access
to all commands, scripting, introspection, etc.  And a "user" level of access that perhaps
only provides access to a limited number of command.  Additionally "user" level access would
disallow scripting and introspection capabilities.   

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message